In a server/client model, a client accesses a server through a communication network and inputs a predetermined request in a user terminal. The server responds to the user terminal in correspondence to the request.
At this time, the user may input the request not for the purpose of obtaining the response, but for another purpose.
For example, a search server providing search service may statistically analyze the search request of the user and use the analyzed search request in order to generate and provide a search result list in accordance with preference of the user. A search result that the user provided with the search result list “frequently” selects may be considered to be highly relevant to the search request. Also, the preference of users about the search result may be considered to be very high. Thus, the search server gives priority to the search result in order to preferentially provide the search result to users with regard to the search request.
In this case, “a selection of a search result” of the user is used as “a request for receiving information associated with the search result or accessing a webpage associated with the search result” or “a standard for generating a search result list”. A user knowing the above fact well may repeatedly select the same search result from the search result list provided in response to a predetermined search query. In this manner, the priority is given to the search result selected by the user. Of course, in case that the priority is given in such a manner that the user repeatedly selects the search result with malicious intent, the original purpose of preferentially providing a search result which is highly relevant to a search request and preferred by users cannot be obtained.
Accordingly, in case that a user inputs a request for selecting a search result, the search server is required to determine whether the request is inputted with malicious intent. In case that it is determined that the request is inputted with malicious intent, information associated with the search result is provided as per the request, but, is preferable not to be used as a standard for generating a search result list. Like above, it may be necessary to determine whether “a request” of a user inputted into a predetermined system is generated with malicious intent, which is against the object of the system.
Hereinafter, the term “command” used in the present specification is an inclusive concept including “a request” of a user for performing a predetermined operation in a predetermined server system, “a conversation” of a user or the “information” itself for providing predetermined information to the server system. The “command” may be transmitted to the server system by transmitting “a command line” from a terminal of the user to the server system.
Korean Patent Application No. 10-2002-7010554 (“Title: A system and method to determine the validity of a conversation on a network, hereinafter, referred to as “application invention”) discloses one of methods for determining the validity of a command of a user. The Korean Patent Application designates a conversation inputted with malicious intent of a user as “an illegal conversation” in the specification.
The application invention includes the steps of 1) collecting data including “collective method data” and “private characteristic data” from a user conversation on a network, 2) storing data in a database, 3) constructing an estimation model using collective method data and private characteristic data in order to identify an illegal conversation with a network, and 4) identifying the illegal conversation in the database by using the estimation model.
Also, the application invention discloses ‘the number of a private IP address per unit time/search list click’, ‘the number of a private IP address per unit time/entry source’, and ‘the number of a private IP addresses per unit time/advertiser accepting a chargeable click’ as “collective method data”.
Also, the application invention discloses ‘an IP address of a click generating an income’ and ‘a time stamp of a click generating an income’ as “private characteristic data”.
Like above, the application invention adopts a method of identifying an illegal conversation by using “a private IP address”. In case that the private IP address is used to identify an illegal conversation such above, it is easy to identify the illegal conversation by using a terminal having the private IP address when a user inputs the illegal conversation constantly.
However, while the population of using the Internet increases, there is a problem that an IP address is short when it is allocated to a terminal of each user in accordance with an address system of existing IPv4. In order to solve the problem, a method of allocating an IP address by using NAT, NAPT, and the like is widely used. According to the method such above, an IP address allocated to a predetermined terminal is dynamic.
In case that a private IP address changes too often or the private IP address of a terminal is hardly recognizable, such as for example, a terminal accessing a private network using a dynamic IP address or a terminal accessing through a proxy server, there is a problem that a method for identifying an illegal conversation just like in the application invention does not work well.
Accordingly, in case that it is difficult to identify each of terminals inputting each of command lines, such as, a terminal got access to a private network or a terminal accessing through a proxy server, there is required a method capable of identifying the command line illegally inputted from the terminal when it is inputted.